AVG-1551 log

Package roundcubemail
Status Fixed
Severity High
Type cross-site scripting
Affected 1.4.10-2
Fixed 1.4.11-1
Current 1.4.11-1 [community]
Ticket None
Created Tue Feb 9 16:41:36 2021
Issue Severity Remote Type Description
CVE-2021-26925 High Yes Cross-site scripting
Roundcube before 1.4.11 allows cross-site scripting (XSS) via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering.
Date Advisory Package Type
12 Feb 2021 ASA-202102-27 roundcubemail cross-site scripting